Fix extension content verification out-of-band hash fetching

Fix extension content verification out-of-band hash fetching

When we changed content verification to strict mode (crbug.com/601512),
it turns out that the code for downloading missing
verified_contents.json files from the webstore had two longstanding bugs
that we never noticed due to insufficient tests:

a) Returning the results of a boolean expression as an integer
b) Use after free of an object

The end result is that when the patch for crbug.com/601512 hit stable,
many users became unable to run the EFF's HTTPS Everywhere and Privacy
Badger extensions because those are uploaded via a special process where
the webstore does not have a copy of their private key and cannot
include the verified_contents.json file in the .crx file; rather we rely
on being able to download it after install but fail due to the above
mentioned bugs.

This patch fixes the bugs and also introduces a change which clears the
corruption "disable reason" on extension autoupdate, so that users who
had the extension disabled because of this bug can get it re-enabled
automatically by an extension autoupdate.

BUG=643814
Review-Url: https://codereview.chromium.org/2336403002
Cr-Commit-Position: refs/heads/master@{#418748}
(cherry picked from commit e4de9f973eae513486d2912e1793e943fce70014)

Committed: https://chromium.googlesource.com/chromium/src/+/8ad1b10e02b6fa6eb4f7dd0d89518d33c6a0a6ec

[asargent_no_longer_on_chrome, 2016-09-20 05:24:08]

Description was changed from

==========
Fix extension content verification out-of-band hash fetching

When we changed content verification to strict mode (crbug.com/601512),
it turns out that the code for downloading missing
verified_contents.json files from the webstore had two longstanding bugs
that we never noticed due to insufficient tests:

a) Returning the results of a boolean expression as an integer
b) Use after free of an object

The end result is that when the patch for crbug.com/601512 hit stable,
many users became unable to run the EFF's HTTPS Everywhere and Privacy
Badger extensions because those are uploaded via a special process where
the webstore does not have a copy of their private key and cannot
include the verified_contents.json file in the .crx file; rather we rely
on being able to download it after install but fail due to the above
mentioned bugs.

This patch fixes the bugs and also introduces a change which clears the
corruption "disable reason" on extension autoupdate, so that users who
had the extension disabled because of this bug can get it re-enabled
automatically by an extension autoupdate.

BUG=643814

Review-Url: https://codereview.chromium.org/2336403002
Cr-Commit-Position: refs/heads/master@{#418748}
(cherry picked from commit e4de9f973eae513486d2912e1793e943fce70014)
==========

to

==========
Fix extension content verification out-of-band hash fetching

When we changed content verification to strict mode (crbug.com/601512),
it turns out that the code for downloading missing
verified_contents.json files from the webstore had two longstanding bugs
that we never noticed due to insufficient tests:

a) Returning the results of a boolean expression as an integer
b) Use after free of an object

The end result is that when the patch for crbug.com/601512 hit stable,
many users became unable to run the EFF's HTTPS Everywhere and Privacy
Badger extensions because those are uploaded via a special process where
the webstore does not have a copy of their private key and cannot
include the verified_contents.json file in the .crx file; rather we rely
on being able to download it after install but fail due to the above
mentioned bugs.

This patch fixes the bugs and also introduces a change which clears the
corruption "disable reason" on extension autoupdate, so that users who
had the extension disabled because of this bug can get it re-enabled
automatically by an extension autoupdate.

BUG=643814

Review-Url: https://codereview.chromium.org/2336403002
Cr-Commit-Position: refs/heads/master@{#418748}
(cherry picked from commit e4de9f973eae513486d2912e1793e943fce70014)

Committed:
https://chromium.googlesource.com/chromium/src/+/8ad1b10e02b6fa6eb4f7dd0d8951...
==========

[asargent_no_longer_on_chrome, 2016-09-20 05:24:10]

Committed patchset #1 (id:1) manually as
8ad1b10e02b6fa6eb4f7dd0d89518d33c6a0a6ec.